So I was running a Kippo honeypot. In Kippo graph there is a diagram titled "Human activity" (see attached photo). What does it mean? Does it mean that, for example, on 21-11-2014 90 real attackers ...

A friend told me a few months ago about an audit where he discovered root logins were enabled via SSH. This obviously ended up on the report, but when questioned the admin told him that he had set up ...

If honeypots are designed for a specific set of exploits, such as SQL injection and XSS, how do they protect themselves against other exploits? For instance, if I created a honeypot a few months ago, ...

I would like to configure a local honeypot on Windows XP, which is installed on VMware. To do so I follow the instructions on this link, but as I am new I don't know how I can configure routing infrastructure ...

Wondering if you could help me. I set up the Dionaea honeypot and have collected 6 or 7 malware files. Unfortunately, upon checking the Dionaea logs it keeps giving the error "Couldn't resolve host" for ...

Due to recent breaches that have occurred using weak remote access application passwords, I would like to set up my own honeypot on a Windows machine to study their malicious intents. This is pretty easy ...

If a computer is set up as a honeypot and is on the same LAN with other computers, could other computers be attacked?
My thought is that if an attacker infects a honeypot with a worm, this worm would ...

I've been reading over the logs on my honeypot and discovered the following messages that seem to be either gibberish or a cypher message:
kernel: v0 neigfradn tt
kernel: [2108296.63083] devc nt nee ...

According to Microsoft, adding a honeypot to your corporate network is an effective way to deter hackers from compromising your network.
Aren't honeypots more for research purposes and not ideal for ...

I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try ...

I don't know much about content injection so I'm hoping to draw on the experience of the community here. I'm writing a tool that evaluates public web proxies. I want to know if the proxies are being ...

Does anyone know of a secure and transparent method of sending logs from a honeypot server on a DMZ to a logging server in a private network?
The logs must be encrypted and sent in such a way that a ...

I have a really simple high interaction honeypot and I have just installed a VM as an IPS (Suricata) with a transparent bridge between my router and the honeypot. The setup looks something like this:
...

I've been writing a high interaction honeypot which has required some interesting design decisions; for instance, I want the honeypot to get attacked, not the underlying infrastructure/software. Fun ...

This paper proposes the concept of honeywords for detecting if a password database has been compromised.
As far as I understand it works like this:
You save n password hashes for each user, one that ...

I'm looking to turn a new desktop (Ubuntu 12.10-64bit) I built into a virtual home lab for testing and experimenting with various security things. The first setup I would like to try running is the ...

I suspect that someone unauthorized is trying to get in, or is already in the network, trying to get information on some data that we have. How can I lure this person to a "Honeypot" and gather information while ...

So you've successfully set up a honeypot. GREAT! Now what?! I've got all this amazing data, but:
How do you analyze all the data collected from your honeypot software?
What should you be looking for? ...

I am writing a research paper on tracking hackers and how to include keystroke timings to create a profile of hackers.
I want to combine the keystroke timings that I capture in ttylog with other data ...

This article describes how French researchers compromised users using Tor. I'm not sure I fully understand or agree with it. I don't see what BitTorrent has to do with anything? I mean they start out ...

I would like to provide content when a hacker tries something like GET /../../../etc/passwd, but they may choose something else, other than passwd. I will install notification of when somebody does ...

Use of Game Design to Profile Attackers:
Interested in any research that links concepts in game design to security systems in an effort to profile the attacker's identity, motives, skills, etc.; if ...